Trustix™ AntiVirus - An Essential Element in Your IT Security Toolbox

Overview
Computer viruses are a leading security threat to Internet-connected networks. As more and more businesses have increased their productivity by using networks and high-speed Internet connections, viruses have become the most prolific and costly security issue facing small to medium sized businesses. It is reported that 15 Billion email messages are sent daily and this continues to be the most common method for spreading viruses.
This gets worse each year, both in terms of the number of virus infections and the cost of cleanup. Destructive viral programs can infect networked computers through e-mail attachments, Web content or infected files.
Viruses can also be used as delivery mechanisms for hacking tools, putting the security of the organization at risk, even though a firewall may be installed.
The downtime for a company, as a result of data loss, can drastically influence a company's long-term success. And for smaller companies, this could mean the difference between having a business and going bust.
This paper explains the virus threat and how you can implement an effective anti-virus strategy to protect your network.
The Virus Epidemic
Today there are more than 80,000 viruses in existence.
Companies spent $1.8 Billion on anti-virus products and $257 Million on email scanning products in 2003, reports IDC.
However, even after spending all this, 85% of companies still reported virus and worm outbreaks, according to the FBI 2003 Computer Security Crime & Security Survey.
According to the FBI, the Nimda virus cost companies $635 million in clean-up and lost productivity. The total sum for the various versions of Code Red was $2.62 billion, SirCam cost corporates $1.15 billion, and the unlovely Love Bug cost $8.75 billion to exterminate!
According to the Information Security Breaches Survey 2004, 72% of UK businesses had received infected e-mails or files during the year. Among large businesses, this was 83%, with a third of these having received over 100 separate viruses in the last year.
Information Security Breaches Survey 2004
Currently, the latest threat (February 2004) is from a malicious worm called Mydoom or Novarg. This is a computer virus spread via e-mail which has been described by security experts as the largest virus outbreak in months.
One of the major reasons why viruses continue to be a problem is because of the “window of exposure”. This is the time window between a new virus being released and when networks are protected. Virus writers exploit this and infect networks before vendors have time to update their antivirus solutions.
Another cause for the high incidence of virus attacks is the increasing sophistication of viruses and malicious code. Companies are now facing blended threats that possess characteristics of viruses, worms and Trojans and blend these with hacking techniques.
What is a computer virus?
A computer virus is executable code that, when run by someone, infects or attaches itself to other executable code in a computer in an effort to reproduce itself.
Some computer viruses are malicious, erasing files or locking up systems; others merely present a problem solely through the act of infecting other code. In either case, though, computer virus infections should not go untreated.
While there are thousands of variations of viruses, most fall into one of the following eight general categories:-
- File Virus: infects applications. These executables then spread the virus by infecting associated documents and other applications whenever they're opened or run.
- Stealth Virus: hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software.
- Macro Virus: written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel, and account for about 75 percent of viruses found in the wild. A document infected with a macro virus generally modifies a preexisting, commonly used command (such as Save) to trigger its payload upon execution of that command.
- Trojan: a destructive program that masquerades as a benign application. Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
- Worm: a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down. It is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
- Boot Sector Virus: replaces or implants itself in the boot sector - an area of a disk accessed when you first turn on your computer. This kind of virus can prevent you from being able to boot your hard disk.
- Polymorphic Virus: a virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.
- Multipartite Virus: infects both files and the boot sector—double trouble that can re-infect your system dozens of times before it's caught.
Virus Prevention
To supplement your anti-virus scanning solutions, network users need to be vigilant about viruses. User education plays a vital role in preventing infections by stopping users from installing software or opening email attachments without considering the implications. If you combine these guidelines with your anti-virus scanning solution, you will greatly reduce the virus threat.
- Make sure your anti-virus software is updated daily: The greater the frequency of updates, the more effective your scanner will be in detecting and destroying the viruses.
- Do not open unexpected email attachments: The majority of viruses are sent via email attachments. Do not execute any attachment from an email until your anti-virus scanner has processed it to make sure it is clean. Viruses sent by email attachments can quickly infect your whole network. Beware!
- USB keys and CDs should be virus-checked: You should always check these external media devices for viruses before using them.
- Downloaders Beware!: Be vigilant when downloading free software from the internet. Always virus scan the software you have downloaded before you install it on your PC.
- Block all Executable Files: Blocking email attachments such as EXE and VBS will keep down the threat of virus infections. Similarly, don’t use self-extracting zip files to send files; instead use statically compressed zip files that can be scanned for viruses first.
- Regular Backups: If you do experience a virus attack, chances are the data on your PC will be corrupt and potentially unrecoverable. To protect yourself from such an occurrence, it is advisable to ensure that your data is backed up regularly.
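The "Block all Executable Files" guideline above can be enforced at the mail gateway. The following is an added example, not Trustix code: it parses a message, flags attachments with blocked extensions or executable headers, treats an executable that also parses as a ZIP as a self-extracting archive, and looks inside plain ZIP files for blocked members. The block list and all function names are assumptions; the sample message is constructed.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".vbs"}  # assumed block list: the two types the page names

def ext_of(name):
    """Final extension, lower-cased; 'invoice.pdf.EXE' and 'run.exe.' both give '.exe'."""
    return os.path.splitext((name or "").strip().rstrip("."))[1].lower()

def check_attachment(filename, data):
    """Return reasons to block one attachment; an empty list means pass it to the scanner."""
    reasons = []
    is_exe = data[:2] == b"MZ"  # DOS/PE header, whatever the file is called
    if ext_of(filename) in BLOCKED_EXT:
        reasons.append(f"blocked extension: {filename}")
    if is_exe:
        reasons.append(f"executable content: {filename}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if is_exe:  # executable stub followed by ZIP data
            reasons.append(f"self-extracting archive: {filename}")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if ext_of(member) in BLOCKED_EXT:
                    reasons.append(f"blocked file in archive: {filename}/{member}")
    return reasons

def check_message(raw_bytes):
    """Apply check_attachment to every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [r for part in msg.iter_attachments()
            for r in check_attachment(part.get_filename(), part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed sample: a ZIP holding a harmless placeholder .vbs, plus a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("update.VBS", "' constructed placeholder")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    msg.add_attachment(b"notes", maintype="text", subtype="plain", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample()))
```

A filter like this only decides what to reject outright; attachments that pass still go to the anti-virus scanner.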
Trustix AntiVirus Solution
Trustix AntiVirus is an effective antivirus scanner and monitor which automatically detects and eliminates all known types of Trojans, worms, scripts and other harmful viruses. After selecting the drives to scan, any infected files it encounters are intercepted, disinfected and removed before they can deliver their destructive payload.
Trustix AntiVirus Features
Automatic virus removal: Trustix™ AntiVirus automatically detects and eliminates all types of viruses quickly and effectively. After selecting the drives to scan, any infected files it encounters are detected, intercepted and disinfected before they can deliver their destructive payload.
Heuristic detection engine: Trustix™ AntiVirus employs the latest heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics’ describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so then Trustix AntiVirus will disinfect the file or recommend it for quarantine.
This is a quantum leap in the battle against malicious scripts and programs as it allows the engine to 'predict’ the existence of new viruses, even if they aren’t contained in the current virus database.
Wizard based updates: Online threats from viruses, worms and Trojans evolve and manifest themselves on a daily basis. In order to guarantee the relevance of your antivirus software it is imperative that your virus databases are updated as regularly as possible. Our antivirus database is maintained and updated around the clock by a team of dedicated technicians, providing you with daily updates.
One click, on-demand updates: Clicking the 'Update’ button instantly contacts the Trustix™ AntiVirus web site and downloads database updates. This is especially important after running Trustix™ Antivirus for the first time. The 'Update’ function complements the scheduled updates and its periodic use helps maintain the cutting-edge relevance of your virus databases.
Scans compressed files: Unlike some antivirus programs, Trustix™ AntiVirus also scans archived files such as .zip, .rar etc. Any viruses lurking inside these compressed files will be detected. These include RAR, WinRAR, ZIP, WinZIP, ARJ, WinARJ and CAB archives. Furthermore, Trustix™ Antivirus can scan all major mail bases, including: PlainMail (MIME), PlainMail (UUE), Outlook Express 4.x, Outlook Express 6.x.
Quarantine Facility: The quarantine facility removes and isolates suspicious items into a safe location before analyzing them for possible infection. Any files transferred in this fashion are encrypted, meaning they cannot be run or executed. This isolation prevents infected files from affecting the rest of your PC. If a file cannot be disinfected then it provides a reliable safe-house until the virus database is updated, neutralizing the impact of any new virus.
Submit files for analysis: Trustix™ Anti-virus delivers the most comprehensive virus protection service available. After a file has been quarantined because of suspected infection, you have the option to submit the file for analysis. The 'Submit’ button will dispatch the file to our analysis center to be scrutinized for the presence of viruses. Who knows? - You may be the first victim of a new Trojan or worm!! After sending the file to us, our emergency response team will determine whether it contains harmful code and take immediate action to nullify it. The submit function is an important component of our co-ordinated strategy to combat zero-hour virus outbreaks. By working together with our customers we will hopefully be one step ahead of the virus writers.
On Demand Scanning: Files, folders and archives can be scanned before opening with the context menu integration of the scanning engine. Right clicking on a file reveals the option to 'Scan with Trustix Antivirus …’ – allowing immediate scanning of specific areas of your hard drive. This functionality is very useful for checking that there is not a virus in the files that you receive through any medium such as a floppy disk or e-mail, or in files that you have downloaded from Internet.
Instant messenger integration: Instant messengers have become one of the most popular methods of keeping in touch with friends and colleagues. Unfortunately, this also makes them one of the prime methods of virus transmittance. A file sent to you via an instant messenger may be infected yet most Antivirus programs don’t have the ability to scan them before they are opened or saved.
Network drive scanning: Infected files that are located on network folders and mapped drives can affect your PC as severely as locally stored files. Trustix™ AntiVirus will detect any remote drives and scan them for viruses, Trojans and worms. This means complete protection not only from local viruses but any potential threats on a network. Furthermore, Trustix™ AntiVirus can be installed on servers to provide comprehensive, network wide safety for all shared files.
Process monitoring: Trustix™ Antivirus continually scans memory resident processes for viruses. If you launch a program or file which creates destructive anomalies then the scanner will detect it. You will then be offered the chance to disinfect, delete or block access to the specific object. Trustix™ AntiVirus performs the check for viruses in the memory of running programs right after it is loaded, and also every time you update your anti-virus databases. This 'always on’ protection against pernicious RAM based processes means viruses are stopped in their tracks before your entire computer is affected.
System Resource Friendly: Trustix™ Antivirus offers perpetual and effective protection for your PC yet hardly touches system resources. It will quietly defend your system from virus attacks but won’t hog your CPU or RAM. Taking up less than 5mb of hard drive space, Trustix™ AntiVirus unobtrusively sits in your system tray whilst affording complete protection.
User Friendly interface: Ensuring the safety of your data and the purity of your system has never been easier. Trustix™ simplifies the task of threat management with its intuitive graphical user interface. There are no arcane command lines to learn, just simple point and click deployment of your antivirus settings. Options are presented in a straightforward and perspicuous manner and configuration is a transparent, uncomplicated process. Settings for scans, schedules and quarantines are manipulated easily and painlessly. Whether you are a seasoned IT professional or computer novice, the deployment of complete virus protection is a breeze with Trustix™ Antivirus.
Scheduled protection: Trustix™ AntiVirus protects against viruses, worms and scripts from the time you first boot up until the time you switch off. Immediately after Windows is started the program scans system memory and autoload areas to ensure your system is virus and Trojan free. Deep scans of local and network hard drives can easily be configured through the Windows Scheduler utility- check drives to a timetable that suits you!! Trustix™ AntiVirus consults an encyclopedic virus database to deliver the most reliable and customizable protection for your PC.
To learn more on how Trustix™ AntiVirus can help you to protect your business call +1 888 266 6361 or +44 161 874 7080 or visit us at http://antivirus.trustix.com
AntiVirus software is only one part of your IT security toolbox
According to a report issued in January 2004 by the Aberdeen Group: "The Internet worms of 2003 took advantage of common network channels and system vulnerabilities to deposit executable payloads on unprotected PCs and PC servers. These worms were able to gain access to resources on the local corporate network to subsequently infect other PCs and PC servers throughout the network."
The Aberdeen Group agrees that antivirus software is still effective as long as it's part of a combination package; the challenge for buyers and suppliers in 2004 will be a package that delivers antivirus, PC firewalls and anti-spyware. The PC firewall can prevent inbound payloads from landing and sending unauthorized outbound communications to unknown locations.
According to the Information Security Breaches Survey 2004, the biggest single cause of serious incidents was Blaster, a worm that bypassed antivirus software by attacking weaker areas of network security. This was particularly true among larger businesses, where it accounted for 56% of the worst virus incidents.
The Trustix™ Personal Firewall has an inbuilt Spyware Killer and Pop-Up Stopper. To learn more on how Trustix™ Personal Firewall can help you protect your business call +1 888 266 6361 or +44 161 874 7080 or visit us at www.personalfirewall.trustix.com
